Reputation: 29
Restrict world access to Amazon S3 URLs
I've configured an S3 bucket with CloudFront and using alternate domain name provided by CludFront (I setup the domain alias images.mydomain.com at my DNS zone file). At my DNS host the CNAME I'm pointing to xyz.cloudfront.net. Both my s3 bucket name and CNAME domain alias are images.mydomain.com.
I want world to access my images at images.mydomain.com/image.jpg and this is working perfectly.
The problem is the same resource is directly accessible by the world via below two URLs too and I don't want this to happen. I want only images.mydomain.com/image.jpg to work for world and not the below two.
images.mydomain.com.s3.amazonaws.com/image.jpg s3.amazonaws.com/images.mydomain.com/image.jpg
How do I achieve this? please help.
Upvotes: 3
Views: 3225
Answers (1)
Reputation: 46859
You restrict access to Amazon S3 content by creating an origin access identity, which is a special CloudFront user. You change Amazon S3 permissions to give the origin access identity permission to access your objects, and to remove permissions from everyone else. When your users access your Amazon S3 objects using CloudFront URLs, the CloudFront origin access identity gets the objects on your users' behalf. If your users try to access objects using Amazon S3 URLs, they're denied access. The origin access identity has permission to access objects in your Amazon S3 bucket, but users don't.
Upvotes: 3
Related Questions
- is there a way to limit access to s3 presigned url
- How to restrict S3 bucket access by network
- Restrict my Amazon S3 bucket access to specific Country
- Restrict access to website hosted on S3
- AWS S3 Access Policy - Restricting Folder Access
- How to restrict the public access
- How do I restrict access of my S3 web site to specific domains or IP addresses?
- Restricting Access to S3 to a Specific IP Address
- Restrict S3 permissions to just website
- How to restrict Amazon S3 API access?